Merge pull request #616 from asgrim/add-security-policy

asgrim · web-flow · commit 2d228f193f7e · 2026-05-15T08:00:10.000+01:00
Add security policy
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -7,7 +7,7 @@
 
 ## PR submitter checklist
 
-- [ ] I have read [CONTRIBUTING.md](../CONTRIBUTING.md)
+- [ ] I have read [CONTRIBUTING.md](https://github.com/php/pie/blob/HEAD/CONTRIBUTING.md)
 - [ ] I discussed this <bug|feature> with the maintainers in #<issue_number> (complete as appropriate)
 - [ ] I have added appropriate tests
 - [ ] I confirm that I have the right to submit this under the project's open source licence
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+The following versions will receive security updates.
+
+| Version | Security updates   |
+| ------- | ------------------ |
+| 1.5.x   | :white_check_mark: |
+| 1.4.x   | :white_check_mark: |
+| 1.3.x   | :white_check_mark: |
+| < 1.3   | :x:                |
+
+## Reporting a Vulnerability
+
+Please do not publicly disclose security vulnerabilities.
+
+If you discover something that you think may be a vulnerability, please
+[report it **privately** on GitHub](https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/privately-reporting-a-security-vulnerability).
+
+ * Go to the [Security and Quality](https://github.com/php/pie/security) tab in the PIE repository.
+ * Click **Report a vulnerability** and fill in the form with as much information as possible.
+ * Hit submit, and we'll look into it as soon as possible.
+
+Thank you for responsibly disclosing issues in PIE 🥧
